Skip to main content

Jose Nazario analyzes the Skunkx DDoS Bot

posted onMarch 16, 2011
by hitbsecnews

Lest you think all of the DDoS bots we focus on come only from China, we found one that appears to be from the US. We’re calling this bot “Skunkx”. We have not yet seen the bot’s attacks in the wild, however, and so we do not know its favored victim profiles. We also do not know how big this botnet is at this time.

The bot’s capabilities include:

Perform DDoS attacks: UDP floods, SYN floods, HTTP floods, and Slowloris attacks
Detect some analyst tools (Commview, TCPView, and Wireshark) and platforms (QEMU, VMWare, VirtualPC)
Spread over USB, MSN, YahooMessenger
“Visit” sites, speedtest
Download and install, update, and remove arbitrary software
Detect and stop DDoSer, Blackshades, Metus and IRC bots on the box; it apparently can speak “DDoSer” too
Spread as a torrent file
Steal logins stored in the SQLite DB by Mozilla

We have not seen source or the control panel of the bot. The author appears to like the “JoinVPS” service, however. His servers that he has used go back to “Net-0x2a: Zharkov Mukola Mukolayovuch” in the Ukraine, and also “PIRADIUS” in Malaysia. This is someone familiar with underground hosting, it seems.

Source

Tags

Viruses & Malware

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Simplenews subscription

Stay informed - subscribe to our newsletter.
The subscriber's email address.
Keeping Knowledge Free for Over a Decade

Copyright © 2018 Hack In The Box. All rights reserved.

36th Floor, Menara Maxis, Kuala Lumpur City Centre 50088 Kuala Lumpur Malaysia
Tel: +603-2615-7299 Fax: +603-2615-0088